Hi there,

Given that apache is often restarted using apachectl,
and that apache/mod_php leaks environment variables,
and that sudo is mostly used in this process as well,
I thought it would make good security sense to start
httpd with env -i so that the environment of the admin doing
the restart is not exposed for all the world to see...

I am not going to restart my production machine to make
sure of this, but I guess root's environment is also leaked
when starting at bootup from /etc/rc.

--- /usr/sbin/apachectl Sat Sep 26 21:04:28 2009
+++ apachectl   Sat Sep 26 21:06:57 2009
@@ -25,7 +25,7 @@
 PIDFILE=/var/www/logs/httpd.pid
 #
 # the path to your httpd binary, including options if necessary
-HTTPD=/usr/sbin/httpd
+HTTPD="/usr/bin/env -i /usr/sbin/httpd"
 #
 # a command that outputs a formatted text version of the HTML at the
 # url given on the command line.  Designed for lynx, however other
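Review bot: `env -i` on the new HTTPD line clears PATH and TZ along with everything else, and piped log programs or other helpers that httpd execs inherit that empty environment, so forward an explicit minimal set instead of nothing, e.g. `HTTPD="/usr/bin/env -i PATH=/bin:/usr/bin:/usr/sbin /usr/sbin/httpd"`. The comment just above ("the path to your httpd binary, including options if necessary") should also state that httpd now starts with a scrubbed environment, since an admin who tunes httpd/PHP through exported variables will otherwise be surprised; and because the value now carries an embedded space, check that every later use of the variable in the script stays as an unquoted `$HTTPD` so the shell still splits it into the env command and the httpd path.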

Arguably, there could be some important env variables used
for modifying apache/php's behaviour, but probably the admin
is aware of these and handles them accordingly; still, I think
the default should be more conservative.

-f
-- 
i promise not to let it happen again - until next time.

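As an added example that is not part of the original post or of apachectl: the concern raised above (important variables that apache/php may still need) can be met by starting the daemon under `env -i` while forwarding an explicit allowlist, and by checking what the child actually sees. The function names `run_scrubbed` and `child_env_names`, the `ADMIN_SECRET` variable and the use of `/usr/bin/env` as a stand-in for httpd are all constructed for this demo.

```sh
#!/bin/sh
# Added example, not from the original post or from apachectl itself.
# run_scrubbed starts a command the way the proposed apachectl change does
# (via `env -i`), but forwards an explicit allowlist of variables so that
# what a daemon legitimately needs (PATH, TZ) survives while everything
# else in the admin's session (tokens, proxy settings, editor, history) does not.
# /usr/bin/env stands in for the daemon so the demo runs anywhere.

# Usage: run_scrubbed NAME... -- command [args...]
# Forwards only the listed variables that are actually set in the caller.
run_scrubbed() {
    allow=""
    while [ $# -gt 0 ] && [ "$1" != "--" ]; do
        allow="$allow $1"
        shift
    done
    [ "$1" = "--" ] && shift
    # Prepend NAME=value arguments for each allowed, set variable; the
    # positional parameters then read: NAME=value ... command args...
    for name in $allow; do
        # refuse anything that is not a plain identifier before it reaches eval
        case $name in *[!A-Za-z0-9_]*) continue ;; esac
        if eval "[ -n \"\${$name+set}\" ]"; then
            eval "set -- \"$name=\$$name\" \"\$@\""
        fi
    done
    /usr/bin/env -i "$@"
}

# Names (sorted, space separated) that a child sees under the given allowlist.
child_env_names() {
    run_scrubbed "$@" -- /usr/bin/env | sed 's/=.*//' | sort \
        | awk '{ printf "%s%s", (NR > 1 ? " " : ""), $0 }'
}

# Constructed demo: a secret exported in the admin's shell must not reach the child.
ADMIN_SECRET=hunter2; export ADMIN_SECRET
TZ=${TZ:-UTC}; export TZ
printf 'child sees: %s\n' "$(child_env_names PATH TZ)"
if run_scrubbed PATH TZ -- /usr/bin/env | grep -q '^ADMIN_SECRET='; then
    echo "leak: ADMIN_SECRET reached the child" >&2
    exit 1
fi
```

In apachectl terms this is `HTTPD="/usr/bin/env -i PATH=... TZ=... /usr/sbin/httpd"`; the function form just lets you verify the result with a stand-in before touching a production machine.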